
Lessons Learnt from the Adoption of Formal Model-Based Development

  • Conference paper
NASA Formal Methods (NFM 2012)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 7226)

Abstract

This paper reviews the experience of introducing formal model-based design and code generation, by means of the Simulink/Stateflow platform, into the development process of a railway signalling manufacturer. The company operates in a standard-regulated framework, in which the adoption of commercial, non-qualified tools as part of the development activities raises hurdles from the verification and certification point of view. In this regard, three incremental intermediate goals have been defined, namely (1) identification of a safe subset of the modelling language, (2) evidence of the behavioural conformance between the generated code and the modelled specification, and (3) integration of the modelling and code generation technologies within the process recommended by the regulations.

These three issues have been addressed by progressively tuning the usage of the technologies across different projects. This paper summarizes the lessons learnt from this experience. In particular, it shows that formal modelling and code generation are powerful means to enhance product safety and cost effectiveness. Nevertheless, their adoption is not a straightforward step, and incremental adjustments and refinements are required in order to establish a formal model-based process.
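Goal (2) above, evidence that the generated code behaves as the model it was generated from, is in practice obtained by executing the model and the code on identical stimuli and comparing their outputs cycle by cycle, stopping at the first divergence. The Python script below is an added illustration of that back-to-back comparison; it is not code from the paper or from the manufacturer. The signal-aspect controller, its permission condition, the table-driven stand-in for generated code and the deliberately faulty variant are all hypothetical and constructed for this example, and the stimulus traces are drawn from a fixed seed so the run is reproducible.

```python
"""Back-to-back conformance check: executable model vs. generated-code stand-in.

Everything here is a constructed example. The controller semantics are
hypothetical and chosen only to show how a divergence is detected and reported.
"""
import random
from typing import Callable, List, Optional, Tuple

# One cycle of input: (track_occupied, route_set, stop_request). Output: an aspect.
Inputs = Tuple[bool, bool, bool]
RED, YELLOW, GREEN = "RED", "YELLOW", "GREEN"


def permissive(track_occupied: bool, route_set: bool, stop_request: bool) -> bool:
    """Hypothetical permission condition shared by every variant below."""
    return route_set and not track_occupied and not stop_request


class ReferenceModel:
    """Executable stand-in for the Stateflow model: an explicit state machine.
    RED -> YELLOW -> GREEN on consecutive permissive cycles; any non-permissive
    cycle forces RED (the restrictive aspect) immediately."""

    def __init__(self) -> None:
        self.state = RED

    def step(self, inputs: Inputs) -> str:
        if not permissive(*inputs):
            self.state = RED
        elif self.state == RED:
            self.state = YELLOW
        else:
            self.state = GREEN
        return self.state


class TableImpl:
    """Stand-in for generated code: the same behaviour encoded as a transition
    table keyed by (current_state, permissive)."""

    TABLE = {
        (RED, False): RED, (RED, True): YELLOW,
        (YELLOW, False): RED, (YELLOW, True): GREEN,
        (GREEN, False): RED, (GREEN, True): GREEN,
    }

    def __init__(self) -> None:
        self.state = RED

    def step(self, inputs: Inputs) -> str:
        self.state = self.TABLE[(self.state, permissive(*inputs))]
        return self.state


class DivergentImpl(TableImpl):
    """Constructed faulty variant: skips the YELLOW approach aspect after RED."""

    TABLE = {**TableImpl.TABLE, (RED, True): GREEN}


def run(factory: Callable[[], object], trace: List[Inputs]) -> List[str]:
    """Outputs produced by a fresh instance of `factory` on one trace."""
    machine = factory()
    return [machine.step(inputs) for inputs in trace]


def random_traces(count: int, length: int, seed: int = 1) -> List[List[Inputs]]:
    """Constructed stimulus set, seeded for reproducibility and biased toward
    permissive cycles so the machine actually reaches YELLOW and GREEN."""
    rng = random.Random(seed)
    return [
        [(rng.random() < 0.2, rng.random() < 0.8, rng.random() < 0.1)
         for _ in range(length)]
        for _ in range(count)
    ]


def back_to_back(model_factory, impl_factory, traces) -> Optional[tuple]:
    """Drive model and implementation with identical stimuli in lock step.
    Returns the first divergence as (trace_idx, step_idx, inputs, model_out,
    impl_out), which is the counterexample a reviewer needs, or None if every
    cycle of every trace agreed."""
    for t_idx, trace in enumerate(traces):
        model, impl = model_factory(), impl_factory()
        for s_idx, inputs in enumerate(trace):
            m_out, i_out = model.step(inputs), impl.step(inputs)
            if m_out != i_out:
                return (t_idx, s_idx, inputs, m_out, i_out)
    return None


if __name__ == "__main__":
    traces = [[(False, True, False)] * 3] + random_traces(200, 50)
    print("table impl    :", back_to_back(ReferenceModel, TableImpl, traces))
    print("divergent impl:", back_to_back(ReferenceModel, DivergentImpl, traces))
```

The harness reports a concrete trace and cycle rather than a pass/fail bit, because in a certification argument the counterexample is what gets attached to the discrepancy report; note also that coverage of the comparison is only as good as the stimuli, so a real campaign would add traces derived from model coverage rather than relying on random ones alone.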



Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ferrari, A., Fantechi, A., Gnesi, S. (2012). Lessons Learnt from the Adoption of Formal Model-Based Development. In: Goodloe, A.E., Person, S. (eds) NASA Formal Methods. NFM 2012. Lecture Notes in Computer Science, vol 7226. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28891-3_5


  • DOI: https://doi.org/10.1007/978-3-642-28891-3_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28890-6

  • Online ISBN: 978-3-642-28891-3

  • eBook Packages: Computer Science (R0)
